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DECISION ON APPEAL 1 



1 The two-month time period for filing an appeal or commencing a civil 
action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, 
as recited in 37 C.F.R. § 41.52, begins to run from the "MAIL DATE" 
(paper delivery mode) or the "NOTIFICATION DATE" (electronic delivery 
mode) shown on the PTOL-90A cover letter attached to this decision. 
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STATEMENT OF THE CASE 
This is a decision on appeal under 35 U.S.C. § 134(a) from the 

Examiner's rejection of claims 1-28. We have jurisdiction under 35 U.S.C. 

§ 6(b). 

We affirm. 



The invention relates to a system and method for authenticating 
sessions and other transactions (Spec. 1, 11. 9-10). 
Independent claim 1 is illustrative: 



1. A method for authenticating a Web session 
comprising: 

receiving a user ID; 

computing a message digest of the user ID; 
computing an expiration timestamp for the session; 
selecting an index number; 

combining the message digest and expiration timestamp; 

accessing an encryption key using the index number; 

encrypting the combined message using the accessed 
encryption key; and 

converting the encrypted message into an ASCII string. 



The Examiner relies upon the following references as evidence in 
support of the rejection: 



Invention 



References 



Reiche 
Swartz 



US 6,092,196 
US 6,095,418 



Jul. 18, 2000 
Aug. 1, 2000 



2 
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Stern 
Brothers 



US 6,110,044 
US 2002/0083178 Al 



Aug. 29, 2000 
A Jun. 27, 2002 
(filed Aug. 3,2001) 
Dec. 3, 2002 
(filed Nov. 23, 1998) 
Jun. 21, 2005 
(filed Nov. 18, 1996) 



Tan 



US 6,490,353 Bl 



Krishnaswamy 



US 6,909,708 Bl 



T. Berners-Lee, et al, Uniform Resource Locators (URL), Request for 
Comments 1738, p. 5 (Dec. 1994) ("Berners-Lee") 

Verio Glossary Website, P, p. 1 (Oct. 31, 2001) ("Verio") 



Claims 17-20 are rejected under 35 U.S.C. § 101 as being directed to 
non- statutory subject matter. 

Claims 1, 2, 4, 5, 8-13, and 17-24 are rejected under 35 U.S.C. 
§ 103(a) as being unpatentable over Reiche and Brothers. 

Claims 3, 14, and 15 are rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Reiche, Brothers, Berners-Lee, and Verio. 

Claim 6 is rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Reiche, Brothers, and Krishnaswamy. 

Claim 7 is rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Reiche, Brothers, and Tan. 

Claim 16 is rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Reiche, Brothers, Berners-Lee, Tan, and Verio. 2 



2 In rejecting claim 16, the Examiner does not list Verio as a reference, even 
though Verio is used in rejected parent claim 14. We hold this minor 
oversight harmless. 



Rejections 
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Claim 25 is rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Reiche, Brothers, and Swartz. 

Claims 26-28 are rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Reiche, Brothers, and Stern. 

ISSUES 
Issue I 

Appellant argues that the Examiner's 35 U.S.C. § 101 rejection "is 
inconsistent with the U.S. Patent & Trademark Office's treatment of 
countless other applications" (App. Br. 6). 

Issue: Did the Examiner err in finding that the system claims are 
directed to non-statutory subject matter? 

Issue 2 

Appellant argues that "Reiche doesn't disclose accessing an 
encryption key using the index number" (App. Br. 9). 

Issue: Did the Examiner err in finding that Reiche and Brothers 
would have taught or suggested encrypting a combined message using an 
encryption key accessed using an index number? 

FINDINGS OF FACT 
The following Findings of Fact (FF) are shown by a preponderance of 
the evidence. 

1. The Specification discloses that "logic 150 may be implemented in 
hardware, software, microcode, or a combination thereof (p. 15, 
11. 13-14). 
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2. Reiche discloses that "information is then encrypted (step 258) 
using ... a simple private key encryption algorithm, UUencoding 
and URL [uniform resource locator] encoding the data" (col. 10, 
11. 21-24). 

3. Brothers discloses that "[i]f more than one key is used in the 
system 10, the secure URL generator module can also append key 
index data indicating the key to be used by the RDS [resource 
distribution subsystem] 16 to verify a request to access the 
resource from the WAD [web access device] 12" (f [0104]). 

PRINCIPLES OF LAW 

Patentable subject-matter 
A claim that recites no more than software, logic, or a data structure 
(i.e., an abstraction) does not fall within any statutory category of patentable 
subject matter. In re Warmerdam, 33 F.3d 1354, 1361 (Fed. Cir. 1994). 

Obviousness 

The question of obviousness is resolved on the basis of underlying 
factual determinations including (1) the scope and content of the prior art, 

(2) any differences between the claimed subject matter and the prior art, and 

(3) the level of skill in the art. Graham v. John Deere Co., 383 U.S. 1, 17- 
18 (1966). 

The combination of familiar elements according to known methods is 
likely to be obvious when it does no more than yield predictable results," 
KSR Int'l Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007), especially if the 

5 
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combination would not be "uniquely challenging or difficult for one of 
ordinary skill in the art," Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 
F.3d 1157, 1162 (Fed. Cir. 2007) (citing KSR, 550 U.S. at 418). 

ANALYSIS 

Issue I 

Appellant submits that the Examiner's 35 U.S.C. § 101 rejection is 
inconsistent with United States Patent and Trademark Office treatment of 
similar claims in other applications. Based on Appellant's arguments in the 
Appeal Brief, we will decide the appeal of claims 17-20 with respect to issue 
1 on the basis of claim 17. See 37 C.F.R. § 41.37(c)(l)(vii). 

We are not persuaded by Appellant's arguments, which fail to identify 
any error in the substance of the Examiner's rejection. It is irrelevant to the 
present case whether patents have issued with similar claims to those 
rejected. The boundaries of patentable subject-matter are challenging to 
map precisely, with controlling case law in a constant state of flux as the 
universe of clues to patent-eligibility is explored. See, e.g., Bilski v. Kappos, 
130 S. Ct. 3218 (2010). 

Furthermore, Appellant seeks to claim a system comprising nothing 
but logic (claim 17), where logic may be implemented in software (FF 1). 
This claim is therefore directed to software per se, which falls outside the 
scope of patentable subject matter. See In re Warmerdam, 33 F.3d at 1361. 

For at least these reasons, we find no evidence persuasive of error in 
the Examiner's 35 U.S.C. § 101 rejection of claim 17, and claims 18-20 
which fall therewith with respect to this issue. 
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Issue 2 

Appellant challenges the Examiner's finding that Reiche and Brothers 
would have taught or suggested encryption using an encryption key accessed 
using an index number. Based on Appellant's arguments in the Appeal 
Brief, we will decide the appeal of claims 1-28 with respect to issue 2 on the 
basis of claim 1. See 37 C.F.R. § 41.37(c)(l)(vii). 

Appellant erroneously attacks Reiche individually even though the 
rejection is based on the combined teachings and suggestions of Reiche and 
Brothers. One cannot show nonobviousness by attacking references 
individually where the rejections are based on combinations of references. 
In re Merck & Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986) (citation omitted). 

Reiche teaches encrypting and UUencoding data using a simple 
private key encryption algorithm (FF 2). Brothers teaches use of key index 
data that indicates a key to be used by a resource distribution subsystem to 
verify a request to access a resource (FF 3). Therefore, Reiche and Brothers 
would have taught or suggested encrypting (i.e., using a simple private key 
encryption algorithm) a combined message (data) using an encryption key 
accessed (with a key indicated by) using an index number (key index data). 

We are unpersuaded by Appellant's arguments that "Reiche actually 
teaches away from a system that provides the security offered by the 
[claimed] authentication method" (App. Br. 9). "A reference may be said to 
teach away when a person of ordinary skill, upon reading the reference, 
would be discouraged from following the path set out in the reference, or 
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would be led in a direction divergent from the path that was taken by the 
applicant." In re Gurley, 27 F.3d 551, 553 (Fed. Cir. 1994). 

Appellant fails to identify any teaching in Reiche that would 
discourage an artisan from using key index data to indicate which key to use 
with a simple private key encryption algorithm. 

We are also unpersuaded by Appellant's position that the rationale for 
combining Reiche and Brothers is merely "the Examiner's subjective 
viewpoint of a perceived benefit that would result IF the combination were 
made" (App. Br. 11). Appellant provides no arguments or evidence to show 
that the identified teachings and suggestions of Reiche and Brothers are 
anything more than known methods combined to yield predictable results. 
Appellant also fails to show that combining these teachings and suggestions 
would be uniquely challenging or difficult to an artisan possessing creativity 
and common sense. 

For at least these reasons, we find no evidence persuasive of error in 
the Examiner's 35 U.S.C. § 103(a) rejection of claim 1, and claims 2-28 
which fall therewith with respect to this issue. 

CONCLUSIONS OF LAW 
Based on the findings of facts and analysis above, we find no 

evidence persuasive of error in the Examiner's findings: 

1. that the system claims are directed to non-statutory subject matter 

(issue 1); and 
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2. that Reiche and Brothers would have taught or suggested 
encrypting a combined message using an encryption key accessed using an 
index number (issue 2). 

DECISION 

We affirm the Examiner's decisions rejecting claims 17-20 under 
35 U.S.C. § 101 and claims 1-28 under 35 U.S.C. § 103(a). 

No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). 



AFFIRMED 



msc 



HEWLETT-PACKARD COMPANY 
Intellectual Property Administration 
3404 E. Harmony Road 
Mail Stop 35 

FORT COLLINS CO 80528 



9 



